I dont think its a good way to configure the digest alg like this.

We should redesign the API, release a v2 of the package which passes the algorithm directly in the digest / encrypt operations.

@stv0g I don't disagree with you 😛

The goal of this change is to keep the current logic intact, while having a backwards compatible change to support a better hashing algorithm if implementers choose to do so. It's fairly similar to existing knobs exposed in the package. We don't intend this to be the new API.

+1 for this. I have a requirement to use AES256. Apple are no longer supporting SHA1 on some of their non-public verification APIs and we cannot implement their specification without this.

There is already a SetDigestAlgorithm() function to change the digest to use. Is that not working?

There is already a SetDigestAlgorithm() function to change the digest to use. Is that not working?

It works, but that has be called on every new instanced of SignedData. It can happen that the SignedData isn't easily accessible, making it harder to change on a per-use basis. The new function allows to override the package default for an entire application, which makes things a bit simpler to implement and reason about.